package com.itzhoun.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import reactor.core.publisher.Mono;

/**
 * @author zhounan
 * @date 2024/02/02 23:40
 * @Description
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    //定制请求的授权规则
    //首页所有可以访问
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        //instances表示客户端放行
//        http.authorizeRequests().antMatchers("/instances").permitAll()
//                .anyRequest()   //任何请求
//        .authenticated();       //都需要身份认证
//
//        http.formLogin().loginProcessingUrl("/login");  //登录表单提交请求
//        http.csrf().disable();  //关闭csrf功能:跨站请求伪造,默认只能通过post方式提交logout请求
//        //开启自动配置注销的功能
//        http.logout().logoutSuccessUrl("/");
//    }

    @Bean
    SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
        return http.csrf().disable().authorizeExchange().pathMatchers(HttpMethod.GET, "/posts/**")
                .permitAll()
                .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN").pathMatchers("/posts/**")
                .authenticated()
                .anyExchange().permitAll().and().httpBasic()
                // .pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)

                .and().build();
    }

    private Mono<AuthorizationDecision> currentUserMatchesPath(Mono<Authentication> authentication,
                                                               AuthorizationContext context) {
        return authentication.map(a -> context.getVariables().get("user").equals(a.getName()))
                .map(AuthorizationDecision::new);
    }

    @Bean
    public MapReactiveUserDetailsService userDetailsRepository() {
        UserDetails rob = User.withDefaultPasswordEncoder().username("test").password("test123").roles("USER").build();
        UserDetails admin = User.withDefaultPasswordEncoder().username("admin").password("admin")
                .roles("USER", "ADMIN").build();
        return new MapReactiveUserDetailsService(rob, admin);
    }


}
